The Schwartz Report

Obama Issues Executive Order To Tackle Cyber Threat

President Barack Obama yesterday issued an executive order mandating government agencies share information about cyber threats between state and local governments, and the private sector.

It's the latest effort by the President, who revealed the order in his State of the Union address, to combat the growing number of attacks that have hit the federal government, businesses and operators of critical infrastructure.

Just last week, the Federal Reserve was the victim of an "Anonymous" hack in which user data from the Fed's Emergency Communications System was breached, though reportedly no data was compromised. Reports of major cyber-attacks across the public and private sectors have become routine and the President made no bones that risks of cyber terrorism loom large.

"America must also face the rapidly growing threat from cyber-attacks," Obama said in last night's address. "Now, we know hackers steal people's identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."

The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience mandates the heads of all federal agencies and departments to identify and remediate all threats to critical infrastructure and ensuring a policy for continuity. The directive emphasizes information sharing, without disrupting existing privacy policies:

Greater information sharing within the government and with the private sector can and must be done while respecting privacy and civil liberties. Federal departments and agencies shall ensure that all existing privacy principles, policies, and procedures are implemented consistent with applicable law and policy and shall include senior agency officials for privacy in their efforts to govern and oversee information sharing properly.

The directive may get a warmer reception from privacy proponents because, while it orders the government to inform with the private sector and operators of Internet infrastructure, it only goes one way. The private sector and operators are not required to share information with the government, Forbespoints out.

Nevertheless, the i2Coalition, a lobby group consisting of hosting providers including Rackspace, Softlayer and Hedgehog Hosting, called on the White House to support the controversial Cyber Intelligence Sharing and Protection Act (CISPA) information-sharing bill, which two members of the House of Representatives are set to re-introduce today. Originally introduced last year, it died in the Senate and the White House hasn't supported it to date.

"Companies like those that make up the i2Coalition -- the providers of the nuts and bolts of the Internet -- must have a seat at the table in any discussion about the future of cybersecurity," noted Christian Dawson, the i2Coalition's co-founder and board chair, in a blog post, which included an online petition for Homeland Security Secretary Janet Napolitano. "We must work to achieve voluntary best practices that promote the growth of an open Internet. To be successful, the efforts must be truly voluntary and not a result of heavy-handed 'incentives' that effectively compel compliance."

CISPA is more controversial than the President's order because the former would let companies such as Facebook or Google share information regarding cyber attacks with the Feds, notesPCMag, while the President's order only requires the government to share information with the private sector.

However the battle with CISPA plays out, it looks like the administration has taken a step forward in stepping up defenses against cyber threats.